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PATENT 


A-68938/MAK/LM / A-68938 


A Secure, Encrypting PIN Pad 

5 This invention relates to encryption circuits and to PIN 

pads. More specifically, this invention relates to the securing through 
encryption of information entered on a PIN pad. 

Background 

10 Well established in the art of securing a financial 

transaction is the use of a key pad to verify that the person transacting 
business is in fact the rightful person authorized to perform the 
transaction. Many people are familiar with the personal identification 
numbers or "PINs" that are ubiquitous in transactions involving debit 

15 cards. 

The reasoning behind PINs is that only the person authorized 
to use the account underlying the debit card knows the PIN for the card. 
As such, any person's ability to produce that PIN on demand verifies that 
he is in fact the person authorized to transact business using the 
20 account. 

A weak link in this reasoning is the assumption that 
knowledge of a PIN proves that the knowledgeable person is the rightful 
person. A wrongful person of ill will may acquire the PIN through a 
number of means: She may trick the information from the rightful person. 

25 She may oversee the entry of the PIN into a pad. She may access the 
database of account numbers and PINs of a business that previously 
completed a transaction with the account. She may access the database of 
account numbers and PINs of the financial institution maintaining the 
account. At a more sophisticated level, she may intercept the 

30 transmission of the PIN information between the PIN pad on which it is 
entered and the computer that verifies it. 
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Figure 1 illustrates a trans action -verification system 100 
according to the prior art. The system 100 includes a merchant 120, 
alliances and partners 130, processing center 140 and service providers 
1A0. The system 100 also includes communications links 160, 170 and 180. 

5 The links 160, 180 communicatively couple the merchant 120 

and alliances and business partners 130. The links 170, 180 
communicatively couple the alliance and partners 130 and the processing 
center 140. The link 180 communicatively interconnects the merchant 120, 
the alliances and partners 130, the processing center 140 and the service 

10 providers 1A0. The link 180 may be the Internet. 

The merchant 120 includes a merchant data center 127, one or 
more point-of-sale (POS) platforms 126 and the communications link 128. 
The link 128 communicatively couples the POS system 126 and the merchant 
data center 127. 

15 The POS platform 126 itself includes a cash register 1262 or 

the like, a keypad 1261 and a communications link 1263. The link 1263 
communicatively couples the cash register 1262 and the keypad 1261. 

Where a data center 130, 140, 1AO verifies a PIN entered on 
the keypad 1261, the PIN information travels over several of the 

20 communications links 1263, 128, 160, 170, 180 before the data center 
receives the information for verification. A sophisticated malefactor 
may intercept the PIN information along any of these communications 
links. 

In response, the art has evolved to encrypt or otherwise 
25 protect PIN information almost always over a communications link 160, 170 
or 180 and sometimes over a communications link 128: The merchant's data 
center 127 encrypts the PIN before passing it on to the business partner 
130, 140, 1AO to verify. 

However, the PIN information still travels unencrypted over 
30 multiple communications links. The sophisticated malefactor still may 
intercept PIN information along the link 1263 between the PIN keypad and 
the first computer system capable of encrypting the PIN information - 
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here, the cash register 1262. The sophisticated malefactor may intercept 
PIN information between the cash register 1262 and the merchant's data 
center 127. 

Accordingly, a method of securing the entry and verification 
5 of a PIN is desirable where the unencrypted PIN information virtually 
cannot be intercepted between its entry on a PIN pad and a first 
receiving computer system capable of encrypting the information. 

These and other goals of the invention will be readily 
apparent to one of ordinary skill in the art on reading the background 
10 above and the description below. 

Summary 

Herein are described apparatus and methods for encrypting an 
identifier such as a PIN entered on a keypad. The apparatus may include 
15 a pad, an encrypting circuit adjacent the pad and a link. The pad is for 
entering an identifier, and the circuit for encrypting the entered 
identifier. The link communicatively couples the pad and the encrypting 
circuit. 

The pad may be a physical touch pad such as an N-wire- 
20 technology touch pad (where N is 4, 5, 6, 7 or other). Alternatively, 
the pad may be a virtual touch screen. 

The encrypting circuit may be a CPU along with a memory 
coupled to the CPU and programmed to encrypt. The CPU and programmed 
memory may be the first CPU programmable to encrypt the entered 
25 identifier, through which the identifier passes. 

The encrypting circuit may be a microcontroller programmed to 
encrypt. In still another variation, the encrypting circuit may be an 
application-specific integrated circuit (ASIC). 

The apparatus may include a housing that encloses the 
30 encrypting circuit and link. The housing would be resistant to access, 
tampering or tapping. The housing may be at least partially of chip-on- 
glass technology. 
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The encrypting 'circuit may be embedded in the housing, as may 

the link. 

A method for encrypting an identifier includes placing a pad 
for entering an identifier, a circuit for encrypting an identifier and a 
5 link communicatively coupling the pad and the circuit adjacent in an 
access-resistant housing. An identifier is entered on the pad and 
communicated to the encrypting circuit. The encrypting circuit encrypts 
the identifier. The encrypted identifier may be forwarded for 
verification. 

10 

BRIEF DESCRIPTION OF THE DRAWINGS 
Figure 1 illustrates a transaction-verification system 
according to the prior art. 

Figure 2 illustrates a transaction system incorporating an 
15 embodiment of the invention. 

Figure 3 is a block diagram of the components of the keypad 
from the transaction system of Figure 2. 

Figure 4 illustrates physical aspects of the pin pad of 

Figure 2. 

20 

DESCRIPTION OF THE INVENTION 

DEVICES 

- A Secure, Encrypting PIN Pad 

Figure 2 illustrates a transaction-verification system 200 
25 according to the prior art. The system 200 includes a merchant 220, 
alliances and partners 130, processing center 140 and service providers 
1A0. The system 200 also includes communications links 160, 170 and 180. 

The links 160, 180 communicatively couple the merchant 220 
and alliances and business partners 130. The links 170, 180 
30 communicatively couple the alliance and partners 130 and the processing 
center 140. The link 180 communicatively interconnects the merchant 220, 
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the alliances and partners 130, the processing center 140 and the service 
providers 1A0. The link 180 may be the Internet. 

The merchant 220 may include a merchant data center 227, one 
or more point-of-sale (POS) platforms 226 and the communications link 

5 228. The link 228 communicatively couples the POS system 226 and the 
merchant data center 227. 

The POS platform 226 itself may include a cash register 2262 
or the like, a keypad 2261 and a communications link 2263. The link 2263 
communicatively couples the cash register 2262 and the keypad 2261. 

10 Figure 3 is a block diagram of the components of the keypad 

2261. The keypad 2261 may include a touch- pad 310, a controller 320 and 
a microcontroller 330, as well as the communications links 340 and 350. 
The link 340 communicatively couples the touch pad 310 and the controller 
320, while the link 350 communicatively couples the controller 320 and 

15 the microcontroller 330. 

The touch pad 310 is of any type known in the art, and 
therefore, further description of it is omitted - except to say that in 
one embodiment, the output of the touch pad 310 is consistent with one of 
the N-wire technologies known in the art of touch pads and that in 

20 another embodiment, the touch pad 310 is an LCD/touch-pad combination 
also known in the art. (N is 4, 5, 7 or some other number.) 

The controller 320 contains sufficient intelligence to accept 
the output of the touch pad 310 and convert it into input usable by the 
microcontroller 330. Where the output of the touch-pad 310 is N-wire- 

25 technology output (N equals, 4, 5, 7 or other), the controller 320 
produces an output representative of a sequence of positions where the 
touch pad 310 has been touched. 

The microcontroller 330 may contain a CPU 335, a memory 331, 
332, a touch-pad interface 333 and a POS-system interface 334. The memory 

30 331, 332 of the microcontroller 330 may be programmed to perform the 
invention as described herein, including receiving, converting and 
encrypting input from the controller 320. Alternatively, the 
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microcontroller 330 may include an application- specific integrated 
circuit (ASIC) or other hardware 336 for performing the encryption. 

The touch-pad interface 333 may be a parallel /serial 
conversion port. 

5 The microcontroller 330 may be embedded conceptually, 

physically or both: The microcontroller 330 may form part of a larger 
machine of some non-computing type, here, a keypad 2261 or a POS 226. 
Also, the construction of the keypad 2261 may include chip-on-glass (COG) 
technology, well known in the art of LCDs, wherein the microcontroller 

10 330 and the touch pad controller 320 are embedded in glass. Where the 
microcontroller 330 and the controller 320 are embedded, the link 350 may 
be embedded. Preferably, the link 340 is embedded as much as is 
practicable. 

Alternatively, the microcontroller 330 and the controller 320 
15 may be embedded in the substance of 'the touch pad 310. That is to say, 
the circuitry 330, 320 may exist in the glass or the substrate of the 
touch pad 310 or in the (typically, plastic) housing of the touch pad 
310. Again, where the circuitry 330, 320 are embedded, the link 350 may 
be embedded - preferably, as much as is practicable. 
20 The embedding technology (COG or otherwise) has the advantage 

that the surrounding mass provides tamper- resistant protection -- 
particularly anti-tap protection — for the microcontroller 330 and the 
circuitry 320 and links 340, 350 between it and the touch pad 310. Also, 
the adjacency (that is to say, nearness) of the microcontroller 330 to 
25 the touch pad 310 reduces the physical space to which a malfeasant may 
have access. 

The touch pad 310 may have a flex tail for its connection 
340. The flex tail may be embedded in the glass, substrate or housing of 
the touch pad 310. 

30 Figure 4 illustrates physical aspects of the pin pad 2261. 

The glass 370 and the touch pad 310 touch. The circuit 330 is sandwiched 
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between the glass 370 and the touch pad 310. The glass is less than 0.5 
inches thick and is typically 0.053 inches or less. 

When a person touches the keypad, an N-wi re-technology touch 
pad 310 generates voltages. The controller 320 converts these voltages 
5 into positional representations ("positions") and presents these 
positions to the microcontroller 330 on the interface 333. The 
microcontroller 330 converts the representations from positional to 
alphanumeric. 

Now, with the alphanumeric PIN in its memory 331, 332, the 

10 microcontroller 330 encrypts the PIN information and forwards it to the 
verifying component (say, transaction-security component 1A0) of the 
transaction system for verification. 

As is well known in the art of encryption, at least one 
component of the transaction system 200 knows how to decrypt the PIN 

15 information from the keypad 2261. However, some component different from 
the verifying component and between the keypad 2261 and the verifying 
component may decrypt the PIN information and re-encrypt it according to 
a second protocol before forwarding it to the verifying component. 
Alternatively, an intermediate component may doubly encrypt the PIN 

20 information, that is to say, encrypt the already encrypted PIN 

information (possibly according to a second protocol) before forwarding 
that information to the verifying component. 

The invention now being fully described, many changes and 
modifications that can be made thereto without departing from the spirit 

25 or scope of the appended claims will be apparent to one of ordinary skill 
in the art. The controller 320's converting the positional information 
of the touch pad 310 into alphanumeric information (rather than the 
microcontroller's doing so) is an example. That the circuit 330 may be 
separate or integrated into the touch pad is another example. 

30 
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WHAT IS CLAIMED IS : 


1 1. An apparatus for encrypting an identifier, the 

2 apparatus comprising: 

3 a pad for entering an identifier; 

4 a circuit, adjacent the pad, for encrypting the entered 

5 identifier: and 

6 a link, communicatively coupling the pad and the encrypting 

7 circuit. 

1 2. The apparatus of claim 1, 

2 wherein the pad comprises 

3 a touch pad. 

1 3. The apparatus of claim 2, 

2 wherein the touch pad comprises 

3 an N-wi re- technology touch pad. 

1 4. The apparatus of claim 2, 

2 wherein the touch pad comprises 

3 a four-wire-technology touch pad. 

1 5. The apparatus of claim 2, 

2 wherein the touch pad comprises 

3 a seven-wire-technology touch pad. 

1 6. The apparatus of claim 1, 

2 wherein the pad comprises 

3 a touch screen. 

1 7. The apparatus of claim 1, 
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2 wherein the pad comprises 

3 a pad for entering a personal identifier (PIN). 

1 8. The apparatus of claim 1, wherein the encrypting 

2 circuit comprises 

3 a CPU; and 

4 a memory, coupled to the CPU and programmed to encrypt. 

1 „ 9. The apparatus of claim 8, wherein the CPU and 

2 programmed memory are the first CPU, programmable to encrypt the entered 

3 identifier, through which the identifier passes. 

1 10. The apparatus of claim 1, wherein the encrypting 

2 circuit comprises 

3 a microcontroller programmed to encrypt. 

1 11. The apparatus of claim 1, wherein the encrypting 

2 circuit comprises 

3 an application-specific integrated circuit (ASIC). 

1 12. The apparatus of claim 1, further comprising 

2 a housing enclosing the encrypting circuit and link and 

3 resistant to access. 

1 13. The apparatus of claim 12, wherein the housing 

2 comprises 

3 housing resistant to tampering. 

1 14. The apparatus of claim 12, wherein the housing 

2 comprises 

3 housing resistant to tapping. 
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1 15. The apparatus of claim 12, wherein the housing 

2 comprises 

3 housing at least partially of chip-on-glass technology. 

1 16. The apparatus of claim 12, wherein the housing 

2 comprises 

3 housing in which the encrypting circuit is embedded. 

1 17. The apparatus of claim 12, wherein the housing 

2 comprises 

3 housing in which the link and encrypting circuit are 

4 embedded . 

1 18. An apparatus for encrypting an identifier, the 

2 apparatus comprising: 

3 a pad, comprising one of a touch screen and an N-wire- 

4 technology touch pad, for entering a personal identifier (PIN); 

5 a circuit, adjacent the pad and comprising one of a 

6 programmed microcontroller and an ASIC, for encrypting the entered 

7 identifier; 

8 a link, communicatively coupling the pad and the encrypting 

9 circuit; and 

10 a housing, resistant to access and at least partially of 

11 chip-on-glass technology, in which the link and encrypting circuit 

12 are embedded. 

1 19. A method for encrypting an identifier, the method 

2 comprising: 

3 placing a 

4 pad for entering an identifier, 
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5 a circuit for encrypting an identifier and 

6 a link communicatively coupling the pad and the 

7 encrypting circuit 

8 adjacent in an access -resistant housing; 

9 entering a identifier on the pad; 

10 communicating the identifier to the encrypting circuit; and 

11 encrypting the identifier by means of the encrypting circuit. 

1 20. The method of claim 19, further comprising the step of 

2 forwarding the encrypted identifier for verification. 

1 21. An apparatus for encrypting an identifier, the 

2 apparatus comprising: 

3 a pad for entering an identifier; 

4 a circuit for encrypting the entered identifier, the circuit 

5 being the first circuit receiving and programmable or designed to 

6 encrypt the entered identifier; 

7 a link, communicatively coupling the pad and the encrypting 

8 circuit; and 

9 a housing, shielding the link and circuit from physical 
10 access. 

1 22. The apparatus of claim 21, wherein the circuit 

2 comprises 

3 a circuit adjacent the pad. 
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A Secure, Encrypting PIN Pad 


Abstract 

Apparatus and methods for encrypting an identifier such as a 
PIN entered on a keypad. The apparatus may include a pad, an encrypting 
circuit adjacent the pad and a link coupling the pad and the encrypting 
circuit. The pad is for entering an identifier, and the circuit for 
encrypting the entered identifier. The pad may be a physical touch pad 
such as an N-wi re-technology touch pad. Alternatively, the pad may be a 
virtual touch screen. The encrypting circuit may be a CPU along with a 
memory coupled to the CPU and programmed to encrypt. The CPU and 
programmed memory may be the first CPU programmable to encrypt the 
entered identifier, through which the identifier passes. The encrypting 
circuit may be a microcontroller programmed to encrypt. In still another 
variation, the encrypting circuit may be an application-specific 
integrated circuit (ASIC). The apparatus may include a housing that 
encloses the encrypting circuit and link. The housing would be resistant 
to access, tampering or tapping. The housing may be at least partially 
of chip-on-glass technology. The encrypting circuit may be embedded in 
the housing, as may the link. A method for encrypting an identifier 
includes placing a pad for entering an identifier, a circuit for 
encrypting an identifier and a link communicatively coupling the pad and 
the circuit adjacent in an access -resistant housing. An identifier is 
entered on the pad and communicated to the encrypting circuit. The 
encrypting circuit encrypts the identifier. The encrypted identifier may 
be forwarded for verification. 


lmendenhall :1011064vl: 000531 12:25 


13 






DECLARATION FOR PATENT APPLICATION 


As a below-named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name, 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first 
and joint inventor <if plural names are listed below) of the subject matter which is claimed and for which 
a patent is sought on the invention entitled A SECURE, ENCRYPTING PIN PAD, the specification of which 

is attached hereto. 

(check 
one) 

□ was filed on as 

Application Serial No. 

and was amended on - 

(if applicable) 

I hereby state that I have reviewed and understand the contents of the above- identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose to the Patent Office all information known to me to be material to 
patentability as defined in 37 CFR 1.56. 

I hereby claim foreign priority benefits under Title 35, United States Code, §119 of any foreign appl i cation(s) 
for patent or inventor's certificate listed below and have also identified below any foreign application 
for patent or inventor's certificate having a filing date before that of the application on which priority 
is claimed: 


Prior Foreign Appl i cat ion(s) 



Prior 

'ty Claimed 




□ 

□ 

(Number) (Country) 

(Day/Month/Year F 

led) 

Yes 





□ 

□ 

(Number) (Country) 

(Day/Month/Year F 

led) 

Yes 

No 




□ 

□ 

(Number) (Country) 

(Day/Month/ Year F 

led) 

Yes 

No 


I hereby claim the benefit under Title 35, United States Code, §120 of any United States application(s) listed 
below and, insofar as the subject matter of each of the claims of this application is not disclosed in the 
prior United States application in the manner provided by the first paragraph of Title 35, United States 
Code, §112, I acknowledge the duty to disclose to the Patent Office all information known to me to be material 
to patentability as defined in 37 CFR 1.56 which occurred between the filing date of the prior application 
and the national or PCT international filing date of this application: 


(Application Serial No.) (Filing Date) (Status) 

(patented, pending, abandoned) 


(Application Serial No.) (Filing Date) (Status) 

(patented, pending, abandoned) 


A-68938/MAK/LM 
Form No. 1 .02 


DECLARATION FOR PATENT APPLICATION 
Page 1 


08/92 


Direct all telephone calls to LARRY MENDENHALL at 415-781-1989. 


Address all correspondence to: 

FLEHR HOHBACH TEST 
AL BR IT TON & HERBERT LLP 
Suite 3400, Four Embarcadero Center 
San Francisco, California 94111-4187 


File No. A-68958/MAK/LH 


I hereby declare that all statements made herein of my own knowledge are true and that all statements made 
on information and belief are believed to be true; and further that these statements were made with the 
knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, 
under Title 18, United States Code, §1001 and that such willful false statements may jeopardize the validity 
of the application or any patent issued thereon. 

Full name of 

first inventor: James C. Lungaro 

Inventor's signature: 

Date: 

Residence: San Jose. California 

Citizenship: UNITED STATES OF AMERICA 

Post Office Address: 1493 Brookdale Drive. San Jose. California 95125 


Full name of 

second inventor: Susan U. Tso 

Inventor's signature: 

Date: 

Residence: Milpitas. California 

Citizenship: UNITED STATES OF AMERICA 

Post Office Address: 289 Woodruff May. Milpitas. California 95035 


A-68938/MAK/LM 
Form No. 1.02 


DECLARATION FOR PATENT APPLICATION 
Page 2 


08/92 


Ful I name of 

third inventor: 
Inventor's signature: 
Date: 

Residence: 

Citizenship: 

Post Office Address: 


Llavanva Fernando 


San Jose. California 


UNITED STATES OF AMERICA 


1510 Rimrock Drive. San Jos 


Full name of 

fourth inventor: 
Inventor's signature: 
Date: 

Residence: 

Citizenship: 

Post Office Address: 

1020037 


Fremont. California 


UNITED STATES OF AMERICA 


? Crown Ridge Common. Fremont. California 94539 


A-68938/MAK/LM 
Form No. 1.02 


DECLARATION FOR PATENT APPLICATION 
Page 3 


08/92 


